Security Intermediate

What is RBAC (Role-Based Access Control)?

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

RBAC simplifies permission management. Instead of assigning 50 permissions to each of 100 users, you create roles (Admin, Editor, Viewer) with appropriate permissions and assign users to roles. Changing a role updates all users with that role.

RBAC supports role hierarchies (Admin inherits Editor permissions), separation of duties (no single role has all power), and audit compliance. Most applications implement RBAC: database systems, cloud platforms (AWS IAM roles), and web frameworks.

Learn More About This Topic

SELinux & AppArmor Guide

Related reading

Linux Security Hardening

Related reading

SOC Analyst Fundamentals

Related reading

Related Terms

Data Loss Prevention (DLP)

A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.

Certificate Pinning

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

CSRF (Cross-Site Request Forgery)

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

Cryptographic Key Management

The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.

PKI (Public Key Infrastructure)

A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.

The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.

View All Security Terms →